Cybersecurity researchers at Flashpoint reported rising prices for access to RDP servers, stolen payment card data, and a DDoS-as-a-service business model in underground forums and marketplaces.
“As a result of the pandemic and related global trends, the demand for malicious and illegal goods, services and stolen data has reached a new peak in the darknet markets. We have seen what can be described as impressive, insightful innovations across the entire cybercrime ecosystem, ”said the experts.
After in-depth research into the underground market, experts found that the prices of stolen payment card data rose sharply in 2020 – from $ 14.64 in 2019 to $ 20.16 in 2020. Meanwhile, the price of payment card dumps also increased from $ 24.19 in 2019 to $ 26.50 on average in 2020.
Microsoft’s proprietary Remote Desktop Protocol, used to give system administrators the ability to remotely connect to corporate devices and to update servers, continues to be a favorite with cybercriminals. The popularity of RDP lists among cybercriminals continues to grow. On underground marketplaces in 2020, the prices for RDP access differ: global administrative access costs $ 10, and hacked RDP – $ 35.
Meanwhile, according to the researchers, prices for DDoS services have been on the rise since 2017. Whereas in 2017 the standard offers of DDoS mercenaries rarely exceeded $ 27, in 2020 a 10-minute DDoS attack (60 Gbps) costs $ 45, and a four-hour DDoS attack (15 Gbps) costs an average of $ 55. The price for a fully managed DDoS attack is $ 165. Several factors are behind the rise in prices, the researchers said.
“First, the shutdown of larger websites must be tailor-made due to improvements in DDoS protection offerings and widespread use of content distribution networks that are beyond the reach of all but the most advanced criminals. However, there are still cases where attackers can successfully attack large resources, for example, disabling Wikipedia with a DDoS attack in September 2019. ”
DDoS services that charge hourly rates are also becoming more popular, they said.
The cost of sensitive data for fraudulent schemes and automated cyber attacks is on the rise again. For example, the cost of recording the so-called “dumps” of payment cards, that is, complete information about the card, has increased by 225% since 2018. High demand for stolen identity also includes Fullz lists, which contain various combinations of identity and banking information such as bank logs, routing numbers, payment cards, government-issued IDs, and personal information, including records of social security numbers or dates. birth.